[Bro] Broccoli worker problems with TimeMachine

Allen Pomeroy apomeroy at networkforensics.org
Wed Jun 9 10:20:52 PDT 2010

I am trying to get Time Machine (tm-20090206) running with broccoli to support both interaction with Bro-IDS 1.5.1 and the command line tm-query interface within Time Machine.  Time Machine configures, compiles and runs OK (including capturing packets and allowing queries on localhost 42042/tcp), however when I try to connect (anything) to the bro listener, the tm process panics and immediately abends (nothing useful when I run strace against it during the crash).

The only related messages in the tm.log are:
1276102721.251917 broccoli-listen: listening for incoming connections on port 47757...
1276102721.251938 broccoli-init: listen_thread started [a5dc8b90]
1276102731.190267 broccoli-listen: accepted connection
1276102731.190405 broccoli-listen: started Broccoli worker [a4dc3b90]
1276102731.190435 broccoli-worker: running Broccoli worker [a4dc3b90]

Where the broccoli-worker message appears immediately upon connection (via telnet localhost 47757), and the tm process immediately abends.

I'm running on Linux (Ubuntu 9.04 32 bit 2.6.28-11-server) and all the code was compiled with gcc-4.3.3 and g++-4.3.3.  The firewall (iptables) is also the Bro-IDS and TM system, and it's monitoring an attacker (BackTrack 4.0) running against a web application on an Apache 2.2.12 server (all on a MacBook Pro OS X 10.6.3 with VMware Fusion 3.0.1).

Any ideas where I should start looking for the cause of the abends?
